#!/usr/bin/perl -I./lib
# 
# CGI-BIN script to show an "user page" for a person
# with all that he has registered
# This is a copy that defeats the "have key" criteria....ugly!
#
# Parameters: key=Key (number-random) of user.
#
use Counter;
use CGI::Carp;
use Counter::CGI;
use CounterCGI;
use Fcntl;

$] > 5.008 && binmode(STDOUT, ":utf8"); # set web page output to utf-8
$q = new Counter::CGI;

my $sessid = $q->cookie("PHPSESSID");
my $session = PHP::Session->new($sessid, { create => 1 });

for $name ($q->param()) {
    $entry{$name} = $q->param($name);
}
$users = Counter::open(O_RDWR);
$persons = Counter::openfile("persons");

# Was there a key or email address as input?
if ($entry{"key"}) {
    $key = $entry{"key"};
    if (($key !~ m/^\d+$/) && ($key !~ /@/)) {
        returnwithmessage("You entered an incorrect key");
    }
} else {
    returnwithmessage("No key or email address entered");
}

# Check if the user pushed Show rather than Edit
if ($entry{"show"}) {
    print $q->redirect("https://$ENV{SERVER_NAME}//cgi-bin/adm/display-person.cgi?user=$entry{key}");
    exit(0);
} elsif ($entry{"newshow"}) {
    print $q->redirect("https://$ENV{SERVER_NAME}//adm/display-person.php?user=$entry{key}");
    exit(0);
}

# Remember - this is the ADMIN interface
if ($key =~ /^\d+-\d+$/) {
    warn "Getting on split key\n";
    ($index, $secret) = split("-", $key);
    $user = $users->get($index);
} elsif ($key =~ /@/) {
    $user = $users->getbyemail($key);
} else {
    $index = $key;
    $user = $users->get($index);
}
if (!defined($user)) {
    returnwithmessage("No such user as $key - try again\n");
} else {
    $index = $user->key();
    warn "Entry $index found\n";
    $key = $user->{key};
}
if ($user->{state} eq "frozen") {
    warn "Admin show-user: Thawing entry $index\n";
    $user->thaw();
}
$person = $persons->get($index);
if (!defined($person)) {
    warn "show-user: $index - no person record\n";
    $noperson = 1;
}
#
# Here's the real stuff!
# Note that we put the userkey as a HIDDEN attribute - this is, of
# course, unsafe. Ought to use hashing and timestamps instead....
#
print <<EoF;
content-type: text/html; charset="utf-8"

<html>
EoF
CounterCGI::pagehead("Linux Counter user page for UID #$index");
print "<body bgcolor=white>\n";
CounterCGI::pagetop($q);
my $comment = formquote($$user{comment});
print <<EoF;
<table>
<tr><td><img src="/cgi-bin/certificate.cgi/$index"
    alt="Registered Linux User #$index" align=middle>
<td><h1>
    Registration for<br> $person->{name}</h1>
</table>
Administrative update form
<form method=post action="/cgi-bin/adm/userupdate.cgi">
<input type="hidden" name="database" value="$entry{database}">
<input type="hidden" name="key" value="$index">
Admin Comment: <input name="comment" value="$comment" size=40>
EoF

# Show the person info too
# Use a predefined file for this - not quite nice, but workable.
# the trouble is that we are WITHIN a form.
open(WWWFORM, "cgi-adm/person-update-form.php") || die "Did not find person-form\n";
while (<WWWFORM>) {
    if (/^<FORM/) {
	$inform = 1;
	next;
    }
    next if !$inform;
    if (/NAME="(.*)"/i) {
	$field = $1;
	if ($person->{$field}) {
	    my $val = formquote($person->{$field});
	    s/NAME="$field"/NAME="$field" VALUE="$val"/;
	} elsif ($field eq "sendreplyto") {
	    my $val = formquote($user->{email});
	    s/NAME="$field"/NAME="$field" VALUE="$val"/;
	}
    }
    if (/<\/FORM>/) {
	print "<input type=submit name=\"delete\" value=\"Delete person info\"><p>\n";
	print;
	last;
    }
    print;
    
}

sub formquote {
    my $string = shift;

    $string =~ s/"/&quot;/g;
    return $string;
}

sub dieform {

    my $msg = shift;

    print <<EoF;
content-type: text/html; charset="utf-8"

<html>
<head>
<title>Error message</title>
</head>
<body>
<h1>Error</h1>
Your request could not be completed.
<p>
Reason: $msg
<p>
<!-- appropriate BACK buttons go here -->
</body>
EoF
    die "Error $msg\n";
}

sub returnwithmessage {
    my $message = shift;
    $session->set("message" => $message);
    $returnurl = $session->get("showpage");
    #warn "Returning to $returnurl\n";
    $session->save();
    print $q->redirect($returnurl);
    print <<EoF;
<html><head>
<title>You should have been redirected</title>
</head><body>
You should not have seen this. You should have been at
<a href="$returnurl">$returnurl</a>.
<p>
Please report the bug to webmaster&#x40;counter.li.org.
</body>
</html>
EoF
    exit(0);
}

